National Cyber Security Policy (NCSP) is a by-product of the national level to carry out the National Cyber Security Strategy that is based on strategy intent to be in, from current where they are, and level up from where the national are. In execution, we keep saw lot of countries attempt to “smart copy” from other country and thought simply do what smart country and nation do will be bring you be one of the smart country or nation, in term of cybersecurity initiative. What do you think? The answer is wrong, for a nation to gain competitive advantage, in particular unfair strategy advantage, you need to craft your very own strategy from bottom-up that reflects your very national reality and context.
Let face it, you can not be copy other people strategy and them attempt to yield the result like those who craft it from their very own strategy situation, that based on their own internal weakness and strengths, external opportunity and threat (SWOT), take in consideration of others national policies that in place, implementing , and more important, competitive analysis of other national what they attempt to do, and with the dynamic strategy intent in mind, because the whole world, even your neighbour country will not be static and no moving, and wait for you to copy and do nothing, at the time you copied and do what they do, they always moving to another higher strategy thrust, so you end up losing, from the very beginning.
When in the strategy domain, it needs to build based on dynamic competitive analysis, whether for the national, enterprise or individual competing environment. The world will not stop and keep evolving, in particular for the technology, and it will impact the business-government, so will the national balance of the competitive advantage in the real time. Overall cybersecurity strategy and the outcome policy, in return, either make you a loser in the very beginning, for those who copy without even really understanding for their own national competency, strengths, weaknesses, opportunity, threats and how to adapt for it for the changing national priority for the future context. It is pointless for your reference for the current or past policy, as it is the past. What matters most is the accurate and effective forecast and prediction for the future best, worst, likely scenario and performing backward reverse planning to have all the plans to address them.
Unfortunately, most of the nation is staffing not by wholistic execution of the sound strategy first before policy making, or it is two different organization and identity, which end up, two different silo of entity that each one interpret the national future in their very own understanding or perception they perceived should be, instead of business and national intelligence that suppose to provide competitive decision making and strategy formulation.
When in the strategy, from the past to now, it is all about resources management, you need to know what you have, and what your competitor (nation that will compete with you), their strategy moves, and next move prediction (it is not just about your own move that matters). To win the nation strategy, you need to know where to let go, and where to focus. You can not be invested in all the areas where you are nothing really in strategic focus, and nothing you are really your national strengths.
Just like two thousand year ago, Sun Bin, an ancient China strategist recommend their general to bid for the horse race. Instead of bidding based on best, compete with the best, second with the second. Instead, to win, you need to manipulate and creative re-arrangement of the resources, by understanding the whole situation, what the best strategy moves that ensure win in the end, not just one horse race. The result is to use our worst rank horse to bid with competitor top rank horse, and use our best horse to bid with competitor second rank horse, and our second rank horse to bid with their lowest rank horse. The outcome for 2/3 to win in the overall. That is the essential for the strategy, it is the strategy mindset that matters before strategy formulation and policy framework making.
Most of the government agencies who staffing for the said function may not possess that training and experience to execute the role and duties, it is very dangerous for the nation without providing systematic training that focuses on the strategy mindset development. Purely focus on getting others to help smart copy other national cybersecurity strategy and policy, do you think it really works?
E-SPIN Group in the enterprise ICT solution supply, consulting, project management, training and maintenance support for multinational corporations and government agencies, across the region E-SPIN do business. Feel free to contact E-SPIN for the relevant national cybersecurity strategy, policy and framework development, blue print professional consultancy and training services that we already assist various government national agencies for, across the countries we did business with.
